"Defensive" BGP hijacking?

of Blake Hudson <blake@ispn.net>

My suggestion is that BackConnect/Bryant Townsend should have their ASN
revoked for fraudulently announcing another organization's address
space. They are not law enforcement, they did not have a warrant or
judicial oversight, they were not in immediate mortal peril, etc, etc.

ARIN has policies against fraudulently obtaining resources and has policies for revoking said resources. One could argue that announcing another org's IP resources without authorization is fraud and that said ip resources were fraudulently obtained during the time they were announced by BlackConnect. That said, this ASN was obtained through RIPE (despite the person/company being located in Calfornia, USA) and I did not see any RIPE policies related to fraud.

My thought is that if Mr Townsend shows disregard for the stability of the internet by hijacking other's IP space, he should not be allowed to participate. There are comments to the Kreb's article indicating that this was not an isolated incident by Mr Townsend and instead represents one event in a pattern of behavior.

Are the RIRs the internet police?

Thank you Scott for posing that question… :slight_smile:

As others have noted, ARIN does indeed revoke resources, but to be clear,
this is generally due to fraudulent activities _related_ to the registry itself
(i.e. if you commit fraud in the course of obtaining resources, ARIN will
revoke those resources once we have determined the fraud beyond
reasonable doubt; see <https://www.arin.net/resources/fraud/index.html>)

The specific circumstances raised (of a party announcing an AS# which they
do not control) can only happen if the others in the industry allow such, and
therefore it is entirely within the community to address. While It is possible
that some peering and/or transit agreements have been broken (for example,
those agreements which state that the party should only announce routes that
they have permission to do so), but in any case, the act of announcing someone
else’s number resources stems from usage that the community is allowing to
occur, either thru action or inaction, and is not any fraudulent act with respect
the Internet number registry itself.

ARIN is not a law enforcement entity (although we do work with them on
occasion with regard to registry fraud), and it really is up to the industry to
“police” Internet routing to the extent necessary and desirable to keep the
Internet running.


John Curran
President and CEO


I appreciate you making this statement, and I appreciate ARIN’s attitude that this is a community issue. ISPs have done an amazing job of self-regulation, while still preserving their ability to innovate and be agile in the marketplace. BGP is a perfect example of that kind of self-policing.

Outside regulation is rarely preferable to community self control, and I think a clear path forward is for those of us in the community to contact BackConnect and respectfully ask that they recognize their incorrect actions and repudiate this practice for the future. Everyone deserves a chance to recognize their mistakes and apologize, so I think we owe BackConnect this much.

Nanog seems like a great place for BackConnect to reply to the ISP community as well.